If you live in Japan and have hacking skills, the government wants you—to join its information security team. A shortage of qualified engineers combined with a growing number of more sophisticated attacks has the nation worried about being able to fight the problem effectively.
Cyberattacks have been a problem in the area, especially in the Korean Peninsula. Back in March, 32,000 computers froze up at three television networks and three banks in South Korea. Another attack in June affected media companies and the offices of the country’s president and prime minister. South Korean officials believe that both attacks came from an organized group of hackers trained by the North Korean government.
Attacks like these have the Japanese government worried about them happening in their country. The Information-Technology Protection Agency (IPA), a division of Japan’s Ministry of Economy, Trade and Industry recently hosted an exclusive training program to develop security engineers where only one out of six applicants was selected to attend. The format was a combination of instruction from security experts and even included a hacking competition.
Using hackers to deal with security vulnerabilities is nothing new. One of the most famous hackers in U.S. technology history, Kevin Mitnick, served five years in federal prison for computer hacking crimes. He now runs his own security firm helping companies discover vulnerabilities and tighten their security. Other hackers like Kevin Poulsen and Mark Abene have gone mainstream after serving time.
The demand for security engineers with hacking skills is not limited to Japan or Korea either. There are several courses in the field of ‘ethical’ or ‘white hat’ hacking in the U.S. that train students to protect sensitive systems from attacks.
The practice of hiring skilled hackers to protect security raises some concerns. In Japan, some who train to become security engineers are worried that their skills won’t be useful anywhere else but working for the government. From the government’s perspective, the biggest concern is what happens when you train engineers to have all these hacking skills and they quit their jobs to do something else? What if you end up training someone to develop the skills to cause widespread damage?
Dealing with the problem becomes a matter of managing risk. Companies and government agencies can put a lot of measures and safeguards in place to lessen the likelihood of a security engineer going rogue, but no system is perfect. The bigger risk with cyber security is to be fearful of all the what-ifs and do nothing at all.